[dns-operations] More Aggressive prefetch for popular names
Paul Hoffman
phoffman at proper.com
Wed Apr 10 14:27:55 UTC 2019
On 10 Apr 2019, at 0:42, Giovane Moura wrote:
>> So why would anyone want to prefetch popular names? You get a lot of
>> hits
>> already while the TTL expires. Preventing that one cache miss does
>> not get
>> you a lot of gain on aggregate. It appears that the benefit of
>> prefetching
>> is concentrated among 'moderately popular domains'.
>>
>> If a popular name with a low TTL has a slow / unreliable set of
>> authoritative servers, why paper over that? They can either raise
>> their TTL
>> or fix their servers.
>
> +1
>
> Plus, let's not forget the consequences for auth servers if thousands
> of
> resolvers start to do prefetching: if they were slow, imagine then
> with
> prefetching from potentially thousands of clients for thousands of
> domains. It can and will probably make things *worse* for the auth
> side.
>
> Modern resolvers already have two built in mechanism to deal with slow
> or unresponsive auth servers: server switching (looping thru the NS
> list) and retries (resending the queries).
>
> We have seen in a controlled experiment with 15,000 vantage points
> what
> can happen when auth servers become unresponsive (like during a DDos):
> resolvers will multiply their normal query load by 8-9 times, in an
> attempt to resolve a domain. See Fig 9 in [1].
>
> In summary: prefetching may backfire big time. By creating
> unnecessarily
> traffic, it may winding up increasing the latency for everybody.
>
> /giovane
>
> [1] https://www.isi.edu/~johnh/PAPERS/Moura18b.pdf
The flip side of this argument is that prefetching when a new request is
expected within the next TTL helps the first users after the TTL
expiration. For 30-second TTLs, this could easily be of value to more
than one user, particularly if the authoritative response is slow.
Prefetching without a perceived need is indeed wasteful. However, if the
name was served from the cache during the last 25% of the TTL, that's a
good indication that it will be requested again after the TTL has
expired. Using this non-aggressive pre-fetching "requested from the
cache during the end of lifetime" rule seems useful to resolver users
while only increasing the authoritative load in the less common cases.
--Paul Hoffman
More information about the dns-operations
mailing list